The World Wide Web Consortium has just signaled its intention to deliberately create legal jeopardy for security researchers who reveal defects in its members' products, unless the security researchers get the approval of its members prior to revealing the embarrassing mistakes those members have made in creating their products. It's a move that will put literally billions of people at risk as researchers are chilled from investigating and publishing on browsers that follow W3C standards.
It is indefensible.
New state bills that would create a database firewall between California and the federal government passed out of their respective Senate committees on Tuesday. Both are headed to the Appropriations Committee and then could soon see votes by the full California Senate. If passed, these critical bills would help prevent Muslim registries and mass deportations in California and would send a strong message to the Trump administration that Californians will resist his attacks on digital liberty.
The Copyright Office, and those who lead it, should serve the public as a whole, not just major media and entertainment companies. That’s what we told the leadership of the House Judiciary Committee this week. If Congress restructures the Copyright Office, it has to put in safeguards against the agency becoming nothing more than a cheerleader for large corporate copyright holders.
The last year has seen enormous progress in encrypting the web. Two categories in particular have made extraordinary strides: news sites and US government sites. The progress in those fields is due to months of hard work from many technologists; it can also be attributed in part to advocacy and sound policy.
Freedom of the Press Foundation has been leading the call for news organizations to implement HTTPS. In December 2016, it launched Secure the News, which tracks HTTPS deployment across the industry, grading sites on the thoroughness of their implementation.
Perfect 10 just can’t seem to help itself.
In case you missed it, the U.S. Court of Appeals for the Ninth Circuit handed (yet another) crushing defeat to the adult website and serial copyright litigant Perfect 10, this time in its lawsuit against Usenet access provider Giganews. The Ninth Circuit soundly rejected each of Perfect 10’s claims – clarifying that yes, direct copyright infringement still requires some volitional conduct on the part of the defendant, and no, Giganews could not be held liable for contributory or vicarious copyright infringement either. We filed a brief arguing as much, and we’re happy the court agreed.
Can foreign governments spy on Americans in America with impunity? That was the question in front of the U.S. Court of Appeals for the District of Columbia Circuit Thursday, when EFF, human rights lawyer Scott Gilmore, and the law firms of Jones Day and Robins Kaplan went to court in Kidane v. Ethiopia.
Everyone should be able to read the law, discuss it, and share it with others, without having to pay a toll or sign a contract. Seems obvious, right? Unfortunately, a federal district court has said otherwise, ruling that private organizations can use copyright to control access to huge portions of our state and federal laws. The court ordered Public.Resource.Org to stop providing public access to these key legal rules.
The Supreme Court already has a list of digital civil liberties issues to consider in the near future, and that list is likely to grow.
If confirmed, President Donald Trump’s nominee to fill the late Justice Antonin Scalia’s seat on the Supreme Court—Judge Neil Gorsuch of the U.S. Court of Appeals for the Tenth Circuit—will be in a position to make crucial decisions affecting our basic rights to privacy, free expression, and innovation.
The Supreme Court is being asked to consider a pair of cases dealing with law enforcement obtaining cell phone location records: the U.S. v. Graham ruling out of the Fourth Circuit Court of Appeals and the U.S. v. Carpenter out of the Sixth Circuit Court of Appeals. In both cases, the courts ruled that law enforcement did not need a warrant to obtain long-term, historical cell phone location data pinpointing a suspect’s location and movement.
EFF recently received dozens of pages of documents in response to a FOIA request we submitted about Operation Choke Point, a Department of Justice project to pressure banks and financial institutions into cutting off service to certain businesses. Unfortunately, the response from the Department of Justice leaves many questions unanswered.
EFF has been tracking instances of financial censorship for years to identify how online speech is indirectly silenced or intimidated by shuttering bank accounts, donation platforms, and other financial institutions. The Wall Street Journal wrote about the Justice Department’s controversial and secretive campaign against financial institutions in 2013, and one Justice Department official quoted in the article stated:
The Copyright Alert System has called it quits, but questions remain about what, if anything, will replace it. Known also as the “six strikes” program, the Copyright Alert System (CAS) was a private agreement between several large Internet service providers (ISPs) and big media and entertainment companies, with government support. The agreement allowed the media and entertainment companies to monitor those ISPs' subscribers' peer-to-peer network traffic for potential copyright infringement, and imposed penalties on subscribers accused of infringing.
The House passed the Email Privacy Act (H.R. 387) yesterday, bringing us one step closer to requiring a warrant before law enforcement can access private communications and documents stored online with companies such as Google, Facebook, and Dropbox. But the fight is just beginning.
Reps. Blake Farenthold (R-Texas) and Jared Polis (D-Colo.) just re-introduced their You Own Devices Act (YODA), a bill that aims to help you reclaim some of your ownership rights in the software-enabled devices you buy.
As a school librarian at a small K-12 district in Illinois, Angela K. is at the center of a battle of extremes in educational technology and student privacy.
On one side, her district is careful and privacy-conscious when it comes to technology, with key administrators who take extreme caution with ID numbers, logins, and any other potentially identifying information required to use online services. On the other side, the district has enough technology “cheerleaders” driving adoption forward that now students as young as second grade are using Google’s G Suite for Education.
President Donald Trump’s nominee to lead the country’s law enforcement has cleared the Senate.
The Senate voted 52-47 on Wednesday to confirm Sen. Jeff Sessions, whose record on civil liberties issues—including digital rights—has drawn fire from Democratic lawmakers and public interest groups.
EFF has expressed concerns about Sessions’ record on surveillance, encryption, and freedom of the press. Those concerns intensified during his confirmation process.
Bad news for Internet users. In his first few days in office, FCC Chairman Ajit Pai has shelved the Commission’s investigation into Internet companies’ zero-rating practices and whether they violate the Commission's Open Internet Order.
As recently as January, the FCC was rebuking AT&T (PDF) for seemingly prioritizing its own DirecTV content over that of its competitors. Now, Pai has made it clear that the FCC doesn’t plan to move forward with the investigation.
EFF had high hopes that the Domain Name Association's Healthy Domains Initiative (HDI) wouldn't be just another secretive industry deal between rightsholders and domain name intermediaries. Toward that end, we and other civil society organizations worked in good faith on many fronts to make sure HDI protected Internet users as well.
Now more than ever, it is apparent that U.S. Customs and Border Protection (CBP) and its parent agency, the Department of Homeland Security (DHS), are embarking on a broad campaign to invade the digital lives of innocent individuals.
Beginning March 1, FBI Will No Longer Accept FOIA Requests Via Email
It’s well documented that the FBI is keen on adopting new technologies that intrude on our civil liberties. The FBI’s enthusiasm for technology, however, doesn’t extend to tools that make it easier for the public to understand what the agency is up to—despite such transparency being mandated by law.
The FBI recently announced that it’s removing the ability for the public to send Freedom of Information Act (FOIA) requests to the agency via email. Instead, the FBI will now only accept requests sent through snail mail, fax, or a poorly designed and extremely limited website.
The San Jose City Council is considering a proposal to install over 39,000 “smart streetlights.” A pilot program is already underway. These smart streetlights are not themselves a surveillance technology. But they have ports on top that, in the future, could accommodate surveillance technology, such as video cameras and microphones.
EFF and our allies sent a letter to the San Jose City Council urging them to adopt an ordinance to ensure democratic control of all of that community’s surveillance technology decisions—including whether to plug spy cameras into the ports of smart streetlights.
Imagine if someone, after reading something you wrote online that they didn’t agree with, decided to forge racist and anti-Semitic emails under your name. This appears to be what happened to J. Alex Halderman, a computer security researcher and professor of computer science at the University of Michigan. Halderman is one of many election security experts—along with EFF, of course—who have advocated for auditing the results of the 2016 presidential election. The recent attempts to smear his name in retaliation for standing up for election integrity are a threat to online free speech.
Specifically targeting black children for unlawful DNA collection is a gross abuse of technology by law enforcement. But it’s exactly what the San Diego Police Department is doing, according to a lawsuit just filed by the ACLU Foundation of San Diego & Imperial Counties on behalf of one of the families affected. SDPD’s actions, as alleged in the complaint, illustrate the severe and very real threats to privacy, civil liberties, and civil rights presented by granting law enforcement access to our DNA. SDPD must stop its discriminatory abuse of DNA collection technology.
A group of Mexican nutrition policy makers and public health workers have been the latest targets of government malware attacks. According to the New York Times, several public health advocates were targeted by spyware developed by NSO Group, a surveillance software company that sells its products exclusively to governments. The targets were all vocal proponents of Mexico’s 2014 soda tax—a regulation that the soda industry saw as a threat to its commercial interests in Mexico.
This Friday, EFF lawyers and other experts from the field will lead a conversation about constitutional law at the Internet Archive. The event is open to the public, totally free, and will stream live on Facebook for anybody who can't make it in person.
Come learn about censorship, surveillance, digital search and seizure, and more. Plus, if you can be there in person, there will be a potluck emphasizing apple pie.
Donations are welcome but not required. Details below.
When: Friday, February 17th 5:30pm-9pm (program 6-8)
Last week, a federal court in Seattle issued a ruling in Microsoft’s ongoing challenge to the law that lets courts impose indefinite gag orders on Internet companies when they receive requests for information about their customers. Judge James Robart—he of recent Washington v. Trump fame—allowed Microsoft’s claim that the gags violate the First Amendment to proceed, denying the government’s motion to dismiss that claim. It’s an important ruling, with implications for a range of government secrecy provisions, including national security letters (NSLs). Unfortunately, the court also dismissed Microsoft’s Fourth Amendment claim on behalf of its users.
When tech companies can’t tell users that the government is knocking
Xilinx will get to fight patent troll in home court, but many troll targets will still be dragged to distant and inconvenient forums.
Your smartphone, navigation system, fitness device, and more know where you are most of the time. Law enforcement should need a warrant to access the information these technologies track.
Lawmakers have a chance to create warrant requirements for the sensitive location information collected by your devices.
Sen. Ron Wyden and Reps. Jason Chaffetz and John Conyers reintroduced the Geolocation Privacy and Surveillance Act (H.R. 1062) earlier this week. Congress should quickly move this bill and protect consumers’ privacy from warrantless searches.
Cable and telephone companies are pushing Congress to make it illegal for the federal government to protect online consumer privacy.
Public submissions on the Australian Productivity Commission's proposal to introduce a fair use right into Australian copyright law have just closed, and Australian rightsholders are frothing at the mouth in their attempts to block this long-overdue reform.
The movement to encrypt the web has reached a milestone. As of earlier this month, approximately half of Internet traffic is now protected by HTTPS. In other words, we are halfway to a web safer from the eavesdropping, content hijacking, cookie stealing, and censorship that HTTPS can protect against.
Mozilla recently reported that the average volume of encrypted web traffic on Firefox now surpasses the average unencrypted volume.
This week Sen. Wyden (D-OR) sent a letter to Department of Homeland Security (DHS) Secretary John Kelly stating that he will soon introduce legislation that would require law enforcement agencies to obtain a warrant before searching the data on digital devices at the border. We applaud Sen. Wyden for taking a stand on this important privacy issue.
Sen. Wyden said that he wants to “guarantee that the Fourth Amendment is respected at the border.”
We have been arguing for a while that the Fourth Amendment requires a warrant based on probable cause for border searches of cell phones, laptops and other mobile devices that contain gigabytes of highly personal information.
Case Study: the UK's Search Engine Voluntary Code of Practice
How do you tell the difference between a code of practice that responds to the needs of the Internet community as a whole, and a sweetheart deal cut between government and industry that avoids democratic accountability and sidelines users? This article reveals some of the telltale signs.
Our case study is the announcement this week of an anti-piracy agreement between search engines and creative industries, that was brokered by the UK Intellectual Property Office. This self-styled "Voluntary Code of Practice" requires search engines Bing and Google to take additional steps to remove links to alleged copyright-infringing content from the first page of search results that they return in response to user queries that would otherwise include such links, and from auto-complete suggestions.
An essential principle of copyright law is under threat: the principle that a copyright cannot grant a monopoly over the idea of adding up numbers, drawing a design specified by the user, or moving a robot arm using the designer's movement commands. We are all free to write our own code to achieve the same functional results; copyright only monopolizes the creative expression – if any – in the written code that implements that idea.
SAS Institute would like to change that, harming all of us who rely upon competition in the tech sector and enjoy the benefits that come with it. EFF filed an amicus brief today in the United States Court of Appeals for the Fourth Circuit, urging the judges to protect interoperability, reverse engineering, and innovation by upholding traditional limits on the scope of copyright power.
The “notice-and-takedown” process for addressing online copyright infringement isn’t perfect: it’s often abused to remove lawful speech from the Internet. But in many cases this process, described in Section 512 of the Digital Millennium Copyright Act (DMCA), works pretty well—particularly because of the safe harbors that protect Internet services that comply with the law. That’s why it’s so frustrating that major media and entertainment companies are still pushing the Copyright Office to recommend throwing away the safe harbors and instead order Internet platforms to filter users’ communications.
Major entertainment companies are once again trying to expand copyright law to gain leverage over a wide variety of user-generated content sites. If they succeed, they would have a veto over Internet users’ access to the tools that allow us to remix, mashup, and participate in popular culture. EFF, along with the Center for Democracy and Technology, and Public Knowledge, filed an amicus brief in the case of BWP Media v. Polyvore, urging the United States Court of Appeals for the Second Circuit to defend copyright law’s important protections for user-generated content platforms.
We've been following law enforcement use of ALPR technology a long time, because the information that these readers collect can reveal sensitive details about our lives. Police departments that use ALPRs mount them on patrol cars or on stationary objects and leave them on all the time, meaning that the police can learn where we are and when, whether it’s at our house of worship, our doctor’s office, or a political meeting, and the police can track this data over time.
A bipartisan Congressional committee’s recent report showcases troubling details about police abuse of cell-site simulators, and calls on Congress to pass laws ensuring that this powerful technology is only deployed with a court-issued probable cause warrant.
Cell-site simulators, often called IMSI catchers or Stingrays, masquerade as cell phone towers and trick our phones into connecting to them so police can track down suspect targets, but their use also collects the data and location of innocent bystanders and extracts unnecessary sensitive data in the process.
Update February 28, 2017: Unfortunately, the Montana House Judiciary Committee tabled H.B. 518 on February 27. We look forward to working to pass it next year.
Legislatures around the country are beginning to acknowledge the threat to our privacy presented by companies collecting and using our biometric information—the physical and behavioral characteristics that make us unique. Following on a biometric privacy law passed in Illinois in 2008, lawmakers in Montana are aiming to make Big Sky Country the latest state to enact protections for our faces, fingerprints, irises, and other biometric markers.
Dot-Org Registry Suspends Secretive Copyright-Policing Plan
Yesterday, the group that runs the .org top-level domain announced that they will suspend their plans to create a new, private, problematic copyright enforcement system. That’s welcome news for tens of millions of nonprofits, charities, businesses, clubs, bloggers, and personal website owners that use .org. It’s also surprising, because most of those Internet users had no idea that a new copyright system, strongly reminiscent of the failed SOPA/PIPA Internet censorship bills, might be forced on them.
The idea that you don’t need a subject’s permission to report on them is fundamental to a free press. If a powerful or influential person, or company, could veto any coverage they don’t like, or make sure any embarrassing or incriminating statements disappear, there’d be little point to having a news media at all. Journalism relies on fair use, the idea that you can use a copyrighted work (like a video or audio clip, or piece of text) in certain ways without the copyright holder’s permission. Indeed, the section of U.S. law that defines fair use even explicitly calls out its importance to news reporting and commentary.
If we want to protect free and independent journalism, then we need to protect and strengthen fair use.
Next week the latest round of secret negotiations of the Regional Comprehensive Economic Partnership (RCEP) kicks off in Kobe, Japan. Once the shy younger sibling of the Trans-Pacific Partnership (TPP), the recent death of the TPP has thrust RCEP further into the spotlight, and raised the stakes both for its sixteen prospective parties, and for lobbyists with designs to stamp their own mark on the text's intellectual property and e-commerce chapters.
On February 23rd, a joint team from the CWI Amsterdam and Google announced that they had generated the first ever collision in the SHA-1 cryptographic hashing algorithm. SHA-1 has long been considered theoretically insecure by cryptanalysts due to weaknesses in the algorithm design, but this marks the first time researchers were actually able to demonstrate a real-world example of the insecurity.
Throughout human history, culture has been made by people telling one another stories, building on what has come before, and making it their own. Every generation, every storyteller puts their own spin on old tales to reflect their own values and changing times.
This creative remixing happens today and it happens in spite of the legal cloud cast by copyright law. Many of our modern cultural icons are “owned” by a small number of content companies. We rework popular stories to critique them or assign new meanings to them, telling our own stories about well-known characters and settings. When copyright holders try to shut us down, fair use helps us fight back.
Here are just a few ways remixers are taking culture into their own hands:
* Fan fiction – Kirk and Spock can be gay and Uhura can captain the Enterprise, or that boa constrictor from the zoo scene can become Harry’s familiar instead of taking off for Brazil.
Talking about fair use often means talking about your right to re-use existing copyrighted works in the process of making something new - to make remixes and documentaries, parodies, or even to build novel Internet search tools. But now that copyright-protected software is in almost everything (including our cars, our toasters, our pacemakers and our insulin pumps) fair use has a new critically important role: basic consumer protection.
EFF, Amnesty International, Color of Change, the Center for Democracy and Technology, and our other coalition partners are urging data brokers to take a stand against government surveillance and discrimination based on religion, national origin, and immigration status.
As explained in a joint statement released today, data brokers collect and analyze huge amounts of personal data that could easily be used to identify and profile and track people in violation of their basic human rights.
EFF and our allies are calling on data brokers to disclose whether they’ve received government requests for their data, and to make the following pledge:
We will not allow our data, or services, to be purchased or otherwise used in ways that could lead to violations of the human rights of Muslims or immigrants in the United States. If we cannot guarantee that our data, or services, will not ultimately be used for such purposes, we will refuse to provide them.
Update: March 1, 2017 Today IBM told Ars Technica that it "has decided to dedicate the patent to the public" and it filed a formal disclaimer at the Patent Office making this dedication. While this is just one patent in IBM's massive portfolio, we are glad to learn that it has declared it will not enforce its patent on out-of-office email.
On January 17, 2017, the United States Patent and Trademark Office granted IBM a patent on an out-of-office email system. Yes, really.